Data protection – herpotherm® EN
DATA PROTECTION STATEMENT
We, the operators of the website www.herpotherm.com, take the protection of your personal data very seriously and strictly observe data protection standards—the (EU) General Data Protection Regulation (GDPR), the (German) Federal Data Protection Act (BDSG), the (German) Telemedia Act (TMG) and other legal provisions. The object of data protection is personal data. This is all information that relates to an identified or identifiable natural person. It includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data such as your IP address.
In the following, we wish to inform you about how we handle your personal data.
1.1 Controller and data protection officer
The website www.herpotherm.com is an offering of MibeTec (“Operator” herein). MibeTec is therefore the controller in terms of Art. 5 (2) GDPR.
You can reach our data protection officer at the address mentioned in the site notice.
1.2 Purposes and scope of data processing when visiting the website
Upon each access by a user to a page of our website and upon each retrieval of a file, access data concerning this process is stored in a log file on our server.
Each dataset is comprised of:
- the page from which the file was requested (referrer URL)
- the name of the file
- the date and time of the request (“time stamp”)
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- the access method used (get, head, post) and violations of it (trace, flurp, etc.)
- encryption algorithm used (TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3) and cipher suite
- violations of HPKP
- HTTP protocol used (HTTP1.0, HTTP1.1, HTTP2.0) and violations of the RFC definition of the protocol
- transmission compression used (gzip, deflate, brotli)
- browser cache status during recurring visit
- server cache responses and changes
- violations of CSP (content security policy)
- violations of distributed denial-of-service (DDOS)
- violations of access restrictions of server directories
We store IP addresses for a maximum period of 180 days in server log files (depending on the log file created).
Further use or transmission of this data happens only with the developer of the website in the event of an error. The analysis acts as function testing of the web server or the website.
The storage occurs for reasons of data security in order to guarantee the stability and reliability of our website. The legal basis for this is Art. 6 (1) (b) GDPR.
We do not, in principle, share your data with third parties unless you have consented to it. For certain areas, however—e. g., for the hosting of our website—we rely on the use of service providers, whom we normally obligate to compliance with the statutory provisions in the course of processing.
1.3 Collection, use and sharing of personal data
1.4 External links
2 Data collection and processing
2.1 Collection and processing during use of the contact form
During use of the contact form, we collect your personal data (name, e-mail address, telephone number, message text, address) only to the extent you provide it. The processing serves the purpose of making contact. The processing occurs on the basis of Art. 6 (1) (b) GDPR.
We use your personal data only for processing your query. Your data is deleted as soon as it is no longer required for achieving the purpose of its collection. This is normally the case when it can be understood from the circumstances that the issue at hand has been finally clarified.
2.2 Contact by e-mail
If you establish contact with us by e-mail, we only use your personal data (name, e-mail address, message text) to make contact with you. The processing occurs on the basis of Art. 6 (1) (b) GDPR. We use your e-mail address only for processing your query. Your data is deleted as soon as it is no longer required for achieving the purpose of its collection. This is normally the case when it can be understood from the circumstances that the issue at hand has been finally clarified.
2.3 Newsletter transmission
Should the occasion arise, newsletters with general and product information may be subscribed to on our website if you have expressly consented. The processing occurs on the basis of Art. 6 (1) (b) GDPR with your consent. In the course of registration for the newsletter, data from the input screen is transmitted to us. Entering an e-mail address is sufficient for receiving the newsletter. Your consent occurs within the scope of a so-called double opt-in. Moreover, in this connection, the IP address of the retrieving computer as well as the date and time of the registration are logged as documentation of your consent. You have the option to revoke your consent with future effect and to unsubscribe from our newsletters at any time, such as through the unsubscribe option provided in the newsletter.
Through technical precautions, the data collected from you in this manner is pseudonymized. It is therefore no longer possible for us as the website operator to associate the data with you as a person. The data is not stored together with other personal data of yours that we have collected.
4 Use of Google products
4.1 Use of Google Analytics
We use Google Analytics to analyze website usage. The data that is acquired in this way is used to optimize our website and advertising efforts.
Google Analytics is a web analysis service that is operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google processes the data on website usage for us and contractually undertakes to take measures to ensure the confidentiality of the processed data.
The following and other data is recorded during your website visit:
- pages retrieved
- your behavior on the pages (such as clicks, scrolling behavior and length of stay)
- your approximate location (country and city)
- your IP address (in truncated form, so that no clear association is possible)
- technical information, such as browser, Internet provider, terminal and screen resolution
- source of your visit (i.e., through which website or advertising medium you have come to us)
This data is transmitted to a server of Google in the United States. For this, Google adheres to the data protection provisions of the “EU-US Privacy Shield” agreement. Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies include a randomly generated user ID, with which you can be recognized during future website visits. The recorded data is stored together with the randomly generated user ID, which facilitates the analysis of pseudonymous user profiles. This user-related data is automatically deleted after fourteen months. Other data remains stored indefinitely in aggregated form. If you should not agree with the collection, you can prevent this with the one-time installation of the browser add-ons for the deactivation of Google Analytics.
4.2 Google Adwords Remarketing / Google Tag Manager
By using this website, you declare your agreement with the processing of the data collected about you by Google in the manner described above and for the aforementioned purpose. The collection and storage of data can be objected to at any time with future effect. You can find further information on Google's policies here.
Our website uses Google Tag Manager for purposes of personalized, interest- and location-based online advertising. Google Tag Manager regulates the option to anonymize IP addresses through an internal setting which is not visible in the source of this page. This internal setting is set in a manner that achieves the required anonymization of the IP addresses.
You can prevent interest-based advertising through the installation of this browser plug-in.
4.3 Google Adwords Conversion Tracking
This website also uses Google Conversion Tracking. In the process, Google AdWords sets a cookie on your computer if you have reached our website through a Google ad. These cookies lose their validity after thirty days and do not serve for personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was forwarded to this page. Each AdWords customer receives a different cookie. Cookies therefore cannot be tracked through the websites of AdWords customers. Information obtained by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking.
AdWords customers learn the total number of users who have clicked on their ad and were forwarded to a page furnished with a conversion tracking tag. However, you receive no information with which you can personally identify the users. If you do not wish to participate in the tracking process, you can also refuse a required cookie to be set for this—for instance, through a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies are blocked from the domain “www.ads.google.com”. You can find Google’s privacy notice on conversion tracking here.
4.4 Web fonts
For a uniform presentation of typefaces, this site uses so-called web fonts supplied by Google. Google fonts are installed locally on our server. This does not create a link with the servers of Google.
This website may include at least one plug-in from YouTube, which is owned by Google, Inc. and domiciled in San Bruno, California, USA. The moment you visit pages of our website that are equipped with a YouTube plug-in, a connection to the servers of YouTube is established. The YouTube server is thereby notified about which specific page of our website you visited. If, in addition, you are logged into your YouTube account, you would enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this possibility of association if you log out of your account in advance. You can obtain further information on the collection and use of your data by YouTube in the discussion of data privacy at www.youtube.com.
5.1 Social plug-in
This website uses social plug-ins (“plug-ins”) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Plug-ins can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are denoted with the suffix “Facebook Social Plugin”. The list and the appearance of the Facebook social plug-ins can be examined here.
When a user accesses a page of this website which contains such a plug-in, his browser establishes a direct link with the servers of Facebook. The content of the plug-in is transmitted by Facebook directly to your browser and integrated by it into the website. The provider therefore has no influence on the scope of the data which Facebook collects by means of this plug-in and therefore informs the users consistent with the state of its knowledge.
By including the plug-in, Facebook obtains the information that a user has accessed the corresponding page of the website. If the user is logged in at Facebook, Facebook can associate the visit with the user's Facebook account. When users interact with the plug-ins—for example, by pressing the “like” button or submitting a comment—the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, the possibility still exists that Facebook will find out and store his IP address. According to Facebook, only anonymized IP addresses are stored in Germany.
Users can find the purpose and scope of the collection of data and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the user's privacy in the Data Policy of Facebook.
If a user is a member of Facebook and does not want Facebook to collect data about him through this website and link it with his member data stored at Facebook, he must log off from Facebook before visiting the website.
5.2 Facebook Website Custom Audiences
If you wish to object to the use of Facebook Website Custom Audiences, you can do this here.
5.3 Conversion tracking with the Conversion Pixel of Facebook
We utilize the Conversion Pixel or Tracking Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this Pixel from your browser, Facebook can subsequently recognize whether a Facebook ad was successful—in other words, resulted in an online transaction, for example. To this end, we receive exclusively statistical data from Facebook without a reference to a specific person. This enables us to track the effectiveness of Facebook ads for statistical and marketing research purposes. If you are signed in at Facebook, we also expressly refer to its Data Policy.
If you wish to revoke your consent to Conversion Pixel, please go to www.facebook.com/settings?tab=ads.
This website uses the buttons of the service Twitter. These buttons are offered through Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as “Twitter” or “Follow” combined with a stylized blue bird. With the aid of the buttons it is possible to share an article or page from this website with Twitter or to follow the provider at Twitter.
When a user accesses a page of this website which contains such a button, his browser establishes a direct link with the servers of Twitter. Twitter transmits the content of the Twitter buttons directly to the browser of the user. The provider therefore has no influence on the scope of the data which Twitter collects by means of this plug-in and informs the user consistent with the state of its knowledge. To the understanding of the provider, when the button is pressed, only the IP address of the user is transmitted along with the URL of the respective website, but it is not used for purposes other than to display the button.
7 Protection of minors
The consent for the processing of personal data can only be given by a person of legal age. For services of MibeTec, the consent of a child who is at least sixteen years old is lawful pursuant to Art. 8 GDPR.
9 Rights of the data subject
Each data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR, unless contrary to law (particularly under Art. 15, 17 GDPR, §§ 34 and 35 BDSG).
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1)(e) GDPR (data processing in the public interest) and Article 6 (1)(f) GDPR (data processing based on a weighing of interests).
A writing sent by conventional mail or by e-mail to the following address is sufficient to exercise your rights: Datenschutz.MibeTec@dermapharm.com.
10 Data transmission to third countries
No data is transmitted to locations outside the European Union (so-called third countries) (please note: be mindful of the information on this under paragraphs 4-6).
11 Use of automated decision-making or profiling
In principle, we use no fully automated decision-making or profiling pursuant to Article 22 GDPR. If we should employ these procedures in individual cases, we will inform you separately of this if this is required by law. (Please note: be mindful of the information on this under paragraphs 4-6).